“I never use Wi-Fi networks, so man in the middle attacks via Wi-Fi are not my problem” told us an executive of a large organization during a demonstration of SEP Mobile’s innovative mobile security solution.
- The attacker needs to be physically close to the victim
- The victim needs to first connect to the rogue Wi-Fi network
iOS devices hold predefined mobile carrier settings under /System/Library/Carrier Bundles. We examined this directory and discovered many bundles that actually contain definition of Wi-Fi settings. Below is a sample list of carriers and the associated SSID(s) of networks they pre-configure on the device. While some of bundles include SSID passwords in plain text, we have decided not to publish them.
|SKT_kr||T wifi home||Softbank_jp||mobilepoint|
|SFR_fr||SFR WiFi Mobile||SKT_kr||T wifi zone_secure|
|SingTel_sg||SingTel Highspeed WIFI||Sonera_fi||homerun1x|
Putting the attack to test
We wanted to put the attack to a test without actually attacking anyone or compromising their privacy. We decided to create several Wi-Fi hotspots and simply count the number of devices that got connect to them. In order to do so, we used a simple D-Link router, installed dd-wrt firmware on it, and created several virtual Wi-Fi interfaces. We’ve set the SSIDs according to the networks listed in the carrier bundles list, as well as based on common Wi-Fi SSIDs. We are going to perform a first live demonstration in the Third International Cyber Security Conference, and will be sure to report back on our results.
Is this threat being exploited?
Organizations and Wi-fi network carriers
If you are part of an organization that is worried about mobile security, we would love you to join our beta program, and enjoy seamless security on both your corporate and employee’s owned devices. While our product is still under development, our patent pending technology has already been proven to be valuable to several customers.
If you represent a large Wi-Fi networks provider or a carrier, you can easily integrate our solution into your infrastructure, thus allowing your customers to enjoy the benefits of SEP Mobile’s protection suite, while continue using their devices seamlessly. Please contact us for further discussion.